Over on DataBreaches.net and this site, I’ve often noted that “small breaches” – those that only involve 1 or a few individuals – are often more impactful than many of the large breaches that tend to monopolize headlines. Here’s another example, reported by Wilhelmina Shrimpton:

Vodafone has apologised after breaching the privacy of one of its customers.

The woman says her safety was put at risk when her protection order was breached after the company gave her ex-husband access to her phone account.

Amy, whose name has been changed as she did not want to be identified, says she’s been a loyal Vodafone customer for around a decade. But she was horrified when they allowed her ex-husband to access her account.

Her ex-husband first contacted Vodafone in May 2015, and, as an authorised user, requested to change the woman’s details.

Later that month when Amy was unable to access her account, she filed for a permanent protection order.

She rang the Telco, had her PIN changed, restricted access, and had a note made on her file.

But in January this year the woman’s ex-husband was able to access her details again. That’s because her old PIN could still be used, as it was only changed on one of three access levels of her account. The customer service rep also failed to read the note on her file.

“I knew he was probably going through my phone list and contacting numbers of people he didn’t recognise and didn’t know to find out who they are and verbally abuse them.”

Amy says that should never have happened, and the Telecommunication Users Association agrees.

Contact Me

Reach me via email to admin[at]pogowasright.org.
You can find me on Twitter as @pogowasright.
I'm also on Jabber as [email protected]
If you know about a breach that should be included on this site or need to contact me about another matter, e-mail me: admin[at]databreaches.net
Alternate Email: breaches[at]protonmail.ch.
Need Signal for tips or leaks? It's available, as are Ricochet and Wire. Just ask.